Lines Of Defence Against Harmful Events
Crisis response is the final line of defence an organisation possesses in the face of harmful events. It is important to place it in its proper context, because when a crisis does erupt, it is because one or more earlier lines of defence have failed.
Here we follow on from our earlier discussion of the 'Scale of Harmful Events', (see related posts) but our emphasis shifts away from the type of event to the control mechanisms that exist to contain them. These span the planning and design phase of an organisation, as it takes shape over time, through its day to day operations, into the management systems that form its first line of defence, and those that step in once these fail. It is into this latter category that most of the incident, emergency, issue, and continuity disciplines fall. These are necessary because an escalating situation is demanding a shift in priorities and resources, including specialist expertise and specific procedures, that are different from the routine processes an organisation conducts.
An emergency offers the classic model of this second line - normal functioning ceases in the face of an immediate threat, people drop what they are doing, a very different set of goals and objectives guide their actions, and performance is measured by quite different standards. The same will also apply to crisis management, as we shall discuss in due course.
Our main point here is to emphasise that what we are dealing with is FAILURE. This is an uncomfortable fact for many, but there is no sugar coating it. An emergency arises because normal systems have failed to avert it, and are incapable of handling the situation. A crisis erupts because an emergency response has been proved to be inadequate, at least in the eyes of key stakeholders.
With this in mind it follows that a critical aspect of crisis prevention and management is the monitoring of control mechanisms, in real time, to pick up those situations where they are not working as intended. This may because they are facing an unprecedented and unanticipated threat, something new and unexpected, it may be they are overwhelmed, or else due to human error. They may also not have been designed or installed correctly, they may not in fact be fit for purpose.
We can illustrate our point by looking at some examples of crises and highlighting the failures in management systems that led to them. These can be combined with our scales of harmful events to provide a useful overview of what went wrong and how they could have been prevented (see previous posts).
Here, for example, is Deepwater Horizon -
The reason why this is useful is the TIME component. Once the blow out took place all was pretty much lost, events unfolded rapidly and with few opportunities to restore control. The position took months to remedy. Many of the outcomes were catastrophic in that no recovery was possible, above all the lives that were lost. On the other hand, if we look at the elements in the design and planning phase, we find that months if not years were on hand to address the problems found at this level. The emergency plan, for example, which was found to have been cut and pasted from an Alaskan oil operation, was in place for years before the incident exposed how useless it was. The same is true for the safety, compliance, and change management issues that played an important role in the disaster, including the relationship with regulatory bodies who had to sign off on changes to the well designs.
If we turn our attention to the Yanacocha mercury spill, a very different pattern emerges. Here the main focus comes after the initial incident, as it spirals out of control. This process took several weeks, however, and the legal aftermath, which had an important effect on the company's social licence to operate, ran for years. So once again, this broader view of crisis prevention and response serves to create TIME, or at least to make use of what time does exist.
If we look at the VW diesel emissions scandal, we find a similar emphasis on the planning and design phase, long before the crisis broke into the open. However we also find some critical failures in the first and second lines of defence. These had a narrower scope than in the case of Yanacocha, meaning they would have been relatively more straightforward to deal with, seen from a crisis management perspective.
Strictly speaking a product recall should be placed along the scale somewhere around the disruption mark, but we are not attempting to cover every single scenario, just demonstrate a point about how to understand crises - as management failures.
The benefit of this approach is that it allows senior managers to know what to look for inside their organisations as a potential source of crisis, and so to monitor the position in real time. Every organisation will have different features in its design and evolution that shape its resilience, determine its strong points and create certain vulnerabilities, likewise their operations, routine management functions, and the extent to which first and second line defences are considered necessary and have been put in place and supplied with resources. A good understanding of this picture minimises the chance that executives will be confronted with nasty surprises.
If you would like Avoiding Catastrophe to take a look at your management systems and evaluate them for their ability to prevent a crisis breaking out, then contact us at firstname.lastname@example.org
These articles are also part of the training program we deliver on crisis management. If you would like to discuss aspects of this program, the issues we touch on, or are interested in the training, then either comment below or contact us at the same address.